tls13: Add checks of overread check failures

In Certificate message parsing tests with
invalid vector lengths, add checks that the
parsing failed on the expected overread check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-06-10 17:24:31 +02:00
parent ad8c17b9c6
commit e7b9b6b380

View file

@ -106,6 +106,22 @@ void init_handshake_options( handshake_test_options *opts )
opts->resize_buffers = 1;
}
#if defined(MBEDTLS_TEST_HOOKS)
static void set_chk_buf_ptr_args(
mbedtls_ssl_chk_buf_ptr_args *args,
unsigned char *cur, unsigned char *end, size_t need )
{
args->cur = cur;
args->end = end;
args->need = need;
}
static void reset_chk_buf_ptr_args( mbedtls_ssl_chk_buf_ptr_args *args )
{
memset( args, 0, sizeof( *args ) );
}
#endif /* MBEDTLS_TEST_HOOKS */
/*
* Buffer structure for custom I/O callbacks.
*/
@ -2308,6 +2324,7 @@ exit:
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_TEST_HOOKS)
/*
* Tweak vector lengths in a TLS 1.3 Certificate message
*
@ -2320,7 +2337,8 @@ exit:
* MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected.
*/
int tweak_tls13_certificate_msg_vector_len(
unsigned char *buf, unsigned char **end, int tweak, int *expected_result )
unsigned char *buf, unsigned char **end, int tweak,
int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args )
{
/*
* The definition of the tweaks assume that the certificate list contains only
@ -2362,6 +2380,7 @@ int tweak_tls13_certificate_msg_vector_len(
* certificate list length can be read
*/
*end = buf + 3;
set_chk_buf_ptr_args( args, buf, *end, 4 );
break;
case 2:
@ -2369,34 +2388,46 @@ int tweak_tls13_certificate_msg_vector_len(
*/
*p_certificate_request_context_len =
certificate_request_context_len + 1;
reset_chk_buf_ptr_args( args );
break;
case 3:
/* Failure when checking if certificate_list data can be read. */
MBEDTLS_PUT_UINT24_BE( certificate_list_len + 1,
p_certificate_list_len, 0 );
set_chk_buf_ptr_args( args, certificate_list, *end,
certificate_list_len + 1 );
break;
case 4:
/* Failure when checking if the cert_data length can be read. */
MBEDTLS_PUT_UINT24_BE( 2, p_certificate_list_len, 0 );
set_chk_buf_ptr_args( args, p_cert_data_len, certificate_list + 2, 3 );
break;
case 5:
/* Failure when checking if cert_data data can be read. */
MBEDTLS_PUT_UINT24_BE( certificate_list_len - 3 + 1,
p_cert_data_len, 0 );
set_chk_buf_ptr_args( args, cert_data,
certificate_list + certificate_list_len,
certificate_list_len - 3 + 1 );
break;
case 6:
/* Failure when checking if the extensions length can be read. */
MBEDTLS_PUT_UINT24_BE( certificate_list_len - extensions_len - 1,
p_certificate_list_len, 0 );
set_chk_buf_ptr_args( args, p_extensions_len,
certificate_list + certificate_list_len - extensions_len - 1, 2 );
break;
case 7:
/* Failure when checking if extensions data can be read. */
MBEDTLS_PUT_UINT16_BE( extensions_len + 1, p_extensions_len, 0 );
set_chk_buf_ptr_args( args, extensions,
certificate_list + certificate_list_len, extensions_len + 1 );
break;
default:
@ -2405,6 +2436,7 @@ int tweak_tls13_certificate_msg_vector_len(
return( 0 );
}
#endif /* MBEDTLS_TEST_HOOKS */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -5815,6 +5847,7 @@ void tls13_server_certificate_msg_invalid_vector_len( )
size_t buf_len;
int step = 0;
int expected_result;
mbedtls_ssl_chk_buf_ptr_args expected_chk_buf_ptr_args;
/*
* Test set-up
@ -5862,7 +5895,7 @@ void tls13_server_certificate_msg_invalid_vector_len( )
*/
ret = tweak_tls13_certificate_msg_vector_len(
buf, &end, step, &expected_result );
buf, &end, step, &expected_result, &expected_chk_buf_ptr_args );
if( ret != 0 )
break;
@ -5870,6 +5903,11 @@ void tls13_server_certificate_msg_invalid_vector_len( )
ret = mbedtls_ssl_tls13_parse_certificate( &(client_ep.ssl), buf, end );
TEST_EQUAL( ret, expected_result );
TEST_ASSERT( mbedtls_ssl_cmp_chk_buf_ptr_fail_args(
&expected_chk_buf_ptr_args ) == 0 );
mbedtls_ssl_reset_chk_buf_ptr_fail_args( );
ret = mbedtls_ssl_session_reset( &(client_ep.ssl) );
TEST_EQUAL( ret, 0 );
@ -5878,6 +5916,7 @@ void tls13_server_certificate_msg_invalid_vector_len( )
}
exit:
mbedtls_ssl_reset_chk_buf_ptr_fail_args( );
mbedtls_endpoint_free( &client_ep, NULL );
mbedtls_endpoint_free( &server_ep, NULL );
USE_PSA_DONE( );